https://github.com/GitHubSecurityLab/CodeQL-Community-Packs
Collection of community-driven CodeQL query, library and extension packs
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/GitHubSecurityLab/CodeQL-Community-Packs
- Owner: GitHubSecurityLab
- License: mit
- Created: 2023-09-13T10:52:16.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2025-05-07T08:31:24.000Z (about 2 months ago)
- Last Synced: 2025-05-07T08:41:59.264Z (about 2 months ago)
- Topics: codeql
- Language: Java
- Homepage: https://securitylab.github.com/
- Size: 2.62 MB
- Stars: 151
- Watchers: 5
- Forks: 20
- Open Issues: 12
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
- Support: SUPPORT.md
Awesome Lists containing this project
- awesome-codeql - GitHub Security Lab community - Collection of community-driven CodeQL query, library and extension [packages](https://github.com/orgs/githubsecuritylab/packages). Blog: [Announcing CodeQL Community Packs](https://github.blog/security/vulnerability-research/announcing-codeql-community-packs/) (CodeQL [Packs](https://docs.github.com/en/code-security/codeql-cli/using-the-codeql-cli/publishing-and-using-codeql-packs))
README
# CodeQL Community Packs
Collection of community-driven CodeQL query, library and extension packs
## Getting started
### Default query suites
Using a `githubsecuritylab/codeql-LANG-queries` query pack references the default suite for that pack (e.g. `python.qls` for Python). To run a different suite, such as `python-audit.qls`, reference the query pack with the following syntax: `githubsecuritylab/codeql-python-queries:suites/python-audit.qls`. The examples below work with both syntaxes.
### Using a community pack from the CodeQL Action
> [!IMPORTANT]
> For language aliases in `strategy.matrix.language`, use `cpp` instead of `c-cpp`, `java` instead of `java-kotlin` and `javascript` instead of `javascript-typescript`.

```yaml
- name: Initialize CodeQL
  uses: github/codeql-action/init@v2
  with:
    languages: ${{ matrix.language }}
    packs: githubsecuritylab/codeql-${{ matrix.language }}-queries
```

### Using community packs with provided configuration file
This repository has a number of [provided configuration files][configurations] you can use or copy from the community packs.
```yaml
- name: Initialize CodeQL
  uses: github/codeql-action/init@v2
  with:
    languages: ${{ matrix.language }}
    config-file: GitHubSecurityLab/CodeQL-Community-Packs/configs/default.yml@main
```

### Using a community pack from the CLI configuration file
```bash
$ cat codeql-config.yml | grep -A 1 'packs:'
packs:
  - githubsecuritylab/codeql-python-queries
```

### Using a community pack from the CodeQL CLI
```bash
codeql database analyze db/ --download githubsecuritylab/codeql-python-queries --format=sarif-latest --output=results.sarif
```

## License
This project is licensed under the terms of the MIT open source license. Please refer to [MIT](./LICENSE) for the full terms.
## Support
Please [create GitHub issues](https://github.com/advanced-security/brew-dependency-submission-action) for any feature requests, bugs, or documentation problems.
[configurations]: ./configs